
escaping before inserts - get_magic_quotes_gpc


Folks,

This question is directed towards PHP/MySQL folk and relates to escaping
hooks, apostrophes and other characters that can create a security hole
when writing to databases/files. I've been reading
http://ca2.php.net/manual/en/functio...quotes-gpc.php and just need
to confirm a couple of things:

If I have magic_quotes_gpc on, and I use addslashes() - Does this in effect
cause me to take security one step forward, and then back again? I mean, if
magic_quotes_gpc is on, it will escape all my data before writing it to the
database - But if I also use addslashes() will it not escape the escapes put
in by magic_quotes_gpc?

When I perform a SELECT at the moment, the data that contains special
characters is being returned with a backslash... This is wrong, correct?
Because a properly escaped character should be stored without the backslash,
true? Thus this means my quotes, or double quotes, should be stored in my
table, and the quotes should not be preceded by the backslash character as
part of the returned string from my SELECT.

How can I test that I am storing my data properly? (Thus, how can I perform
a friendly attack on my database through my client HTML forms?) I've tried
`/bin/ls -l > /tmp/rd1` but this does not create a temp file in my temp
directory - Thus, does this mean I am secure against this sort of
common hack attack?

All help, via the newsgroup, is much appreciated,
Thanks
Randell D.
Jul 19 '05 #1
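The double-escaping the question describes, reproduced as an added example (not code from the original post). It shows why `addslashes()` on top of `magic_quotes_gpc` leaves a literal backslash in the table, and how to normalise the input once and then hand it to a prepared statement. The table `people`, its column `name` and the connection credentials are placeholders assumed for the example.

```php
<?php
// Added example, not from the original post. Assumes a table `people(name)`
// and placeholder credentials; the sample input is constructed.

// What the browser sent, and what PHP hands you when magic_quotes_gpc is on
// (magic quotes apply addslashes() to every GET/POST/COOKIE value).
$raw     = "O'Reilly";            // constructed sample input
$fromGpc = addslashes($raw);      // O\'Reilly  <- as seen in $_POST with magic quotes on

// WRONG: escaping the already-escaped value a second time.
$double = addslashes($fromGpc);   // O\\\'Reilly
// MySQL decodes \\ to \ and \' to ', so the stored value is O\'Reilly and the
// backslash comes back in every SELECT: exactly the symptom in the question.

// RIGHT: undo magic quotes once, only if they are on, so the application works
// with the real value and escapes exactly once at the database boundary.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
function normalise_gpc($value)
{
    $magic = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $magic ? stripslashes($value) : $value;
}
$name = normalise_gpc($fromGpc);  // O'Reilly

$mysqli = new mysqli('localhost', 'user', 'pass', 'db');   // placeholder credentials

// A prepared statement sends the value separately from the SQL text, so neither
// addslashes() nor any quoting rule applies to it; this is the boundary check to rely on.
$stmt = $mysqli->prepare('INSERT INTO people (name) VALUES (?)');
$stmt->bind_param('s', $name);
$stmt->execute();

// Self-check for "am I storing my data properly?": read the row back and compare it
// with the original input. A stored backslash would make the comparison fail.
$check = $mysqli->prepare('SELECT name FROM people WHERE name = ?');
$check->bind_param('s', $raw);
$check->execute();
$check->bind_result($stored);
$check->fetch();
var_dump($stored === $raw);       // bool(true) when no double escaping happened
```

Running the same check with an input containing a double quote or a backslash exercises the other characters magic quotes touches; in every case the value read back should equal what the form submitted.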